rippled icon indicating copy to clipboard operation
rippled copied to clipboard
verified publisher icon XRPLF

fix: Inner batch transactions never have valid signatures

Open ximinez opened this issue 1 month ago • 1 comments

High Level Overview of Change

Introduces a fix amendment that will skip over a problematic and unnecessary block in checkValidity that will set flags indicating that an inner transaction has a valid signature. Inner transactions, by definition, never have valid signatures.

I don't think this is exploitable as such, because there are additional checks before an inner transaction is applied to the ledger, but why take that chance?

It updates some of the callers of checkValidity to skip over the function if the tfInnerBatchTxn flag is set, either by treating it as always valid, or always invalid, depending on the context. The remaining will always fail for an inner tx.

Introduces amendment fixBatchInnerSigs.

Context of Change

This discussion on the Lending Protocol implementation PR: https://github.com/XRPLF/rippled/pull/5270#discussion_r2373083204

Type of Change

  • [X] Bug fix (non-breaking change which fixes an issue)

ximinez avatar Nov 21 '25 21:11 ximinez

Codecov Report

:white_check_mark: All modified and coverable lines are covered by tests. :white_check_mark: Project coverage is 79.1%. Comparing base (40198d9) to head (6369651).

Additional details and impacted files

Impacted file tree graph

@@           Coverage Diff           @@
##           develop   #6069   +/-   ##
=======================================
  Coverage     79.1%   79.1%           
=======================================
  Files          836     836           
  Lines        71245   71248    +3     
  Branches      8318    8317    -1     
=======================================
+ Hits         56354   56362    +8     
+ Misses       14891   14886    -5
Files with missing lines Coverage Δ
src/xrpld/app/misc/NetworkOPs.cpp 69.8% <100.0%> (ø)
src/xrpld/app/tx/detail/Transactor.cpp 92.2% <100.0%> (+0.2%) :arrow_up:
src/xrpld/app/tx/detail/apply.cpp 94.5% <100.0%> (+2.0%) :arrow_up:

... and 6 files with indirect coverage changes

Impacted file tree graph

:rocket: New features to boost your workflow:
  • :snowflake: Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

codecov[bot] avatar Nov 21 '25 21:11 codecov[bot]